Another web vulnerabilities scanner, this extension works on Chrome and Opera
 
 
 
 
Go to file
swisskyrepo ebe71a4861 Bugfix - POST scan was triggered by GET's forms 2016-12-30 00:41:57 +01:00
Plugin Bugfix - POST scan was triggered by GET's forms 2016-12-30 00:41:57 +01:00
Screens CSV export file + update screenshot 2016-12-28 21:16:25 +01:00
Server Bugfix - SQLi:SQLite payload was always selected 2016-12-30 00:34:53 +01:00
.gitignore .gitignore added - no more .pyc 2016-12-24 17:50:40 +01:00
README.md Bugfix - POST scan was triggered by GET's forms 2016-12-30 00:41:57 +01:00

README.md

Damn Web Scanner

Another web vulnerabilities scanner, this extension works on Chrome and Opera The extension is working on the background and will notify you if it finds any vulnerability

Currently it scans for:

  • SQL Injection
  • Cross Site Scripting
  • Local File Inclusion
  • Remote Commands Execution

Warnings : Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a BETA version, many improvements will come don't worry

Install

You need to install and configure the server, it uses ghost and flask with gunicorn

pip install requests
pip install flask
pip install pyside
pip install ghost.py --pre
pip install gunicorn
sudo apt-get install gunicorn

If you have any trouble with Ghost you should have a look to the documentation : http://ghost-py.readthedocs.org/en/latest/

1 - The extension isn't packed, to use it go to chrome://extensions or opera://extensions then select "Load unpacked extension"

2 - Don't forget to launch the server

chmod +x ./launch
./launch

3 - Edit the server configuration in popup.js and background.js with your server's informations

var config_server = "http://127.0.0.1:8000";

4 - Browse the internet ! (Don't forget to start the extension by clicking the 'START' button) You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App

New features

  • Detect if the server is up
  • Start/Stop button
  • New XSS vectors, work in different contexts (JS var, JS function, inside HTML tag, outside HTML tag)
  • Basic page to list the vulnerabilities URL and TYPE
  • Time based SQLi scanner using polyglot vectors (MySQL, SQLite, Oracle, Postgresql, SQL Server)
  • RCE scanner using polyglot vectors based on time
  • New logo for the extension
  • Re-use your cookies and user-agent to get access to page with cookie-authentication
  • Export vulnerabilities into a CSV file
  • Launch scan when a form is submitted or a page is opened via the URL bar

TODO - Work in progress

  • Should detect target in source code.. (list of targets, then launch scan)
  • Do scan_rce/xss/bsqli for POST with data dict

Thanks